<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta><title>Nessus-20210331105831</title><style type="text/css" media="all">
                    html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, img, ins, kbd, q, s, samp, small, strike, strong, sub, sup, tt, var, b, u, i, center, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td, article, aside, canvas, details, embed, figure, figcaption, footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video {
                        margin: 0;
                        padding: 0;
                        border: 0;
                        font-size: 100%;
                        font: inherit;
                        vertical-align: baseline;
                        -webkit-text-size-adjust: none;
                    }

                    html, body {
                        font-family: 'Helvetica Neue', 'Segoe UI', helvetica, arial, sans-serif;
                        width: 100%;
                        color: #333;
                        font-size: 13px;
                        background: #efefef;
                    }

                    a, a:visited, a:active {
                        color: #0071b9;
                        text-decoration: none;
                    }

                    a:hover {
                        color: #0071b9;
                        text-decoration: underline;
                    }

                    .clear {
                        clear: both;
                        width: 0 !important;
                        height: 0 !important;
                        margin: 0 !important;
                        padding: 0 !important;
                    }

                    table {
                        table-layout: fixed;
                        width: 100%;
                        border-collapse: collapse;
                        border-spacing: 0;
                    }

                    .plugin-row-header {
                        height: 35px;
                        line-height: 35px;
                        background: #f5f5f5;
                        font-size: 12px;
                        border: 1px solid #ddd;
                    }

                    .plugin-row {
                        height: 40px;
                        border: 1px solid #ddd;
                    }

                    .plugin-row td {
                        padding: 10px 0;
                        line-height: 20px;
                    }

                    .table-wrapper.details,
                    .table-wrapper.see-also {
                        margin: 0 0 20px 0;
                    }

                    .table-wrapper.details > table > tbody > tr > td {
                        padding: 5px 0;
                    }

                    .button {
                        display: block;
                        float: left;
                        line-height: 30px;
                        background: #eee;
                        border-radius: 3px;
                        cursor: pointer;
                        padding: 0 15px;
                    }

                    .button:hover {
                        background: #ccc;
                    }

                    .expand {
                        display: block;
                        float:right;
                        font-size: 12px;
                        color: #0071b9;
                        cursor: pointer;
                        font-weight: normal;
                        line-height: 20px;
                        margin: 0 0 0 10px;
                    }

                    .expand:hover {
                        text-decoration: underline;
                    }

                    .expand-spacer {
                        display: block;
                        float:right;
                        font-size: 12px;
                        font-weight: normal;
                        line-height: 20px;
                        margin: 0 0 0 10px;
                    }

                    .details-header {
                        font-size: 14px;
                        font-weight: bold;
                        padding: 0 0 5px 0;
                        margin: 0 0 5px 0;
                        border-bottom: 1px dotted #ccc;
                    }

                    .offline {
                        background-image: -webkit-repeating-linear-gradient(135deg, transparent, transparent 5px, rgba(255, 255, 255, .2) 5px, rgba(255, 255, 255, .2) 10px) !important;
                        background-image: repeating-linear-gradient(135deg, transparent, transparent 5px, rgba(255, 255, 255, .2) 5px, rgba(255, 255, 255, .2) 10px) !important;
                    }

                    .acas-header {
                        padding: 0 10px;
                    }

                    .acas-header,
                    .acas-footer > h1 {
                        color: #fff;
                        font-weight: bold;
                        font-size: 15px;
                        text-align: center;
                    }
                </style><script type="text/javascript">
                        var toggle = function (id) {
                            var div = document.getElementById(id);
                            var button = document.getElementById(id + '-show');

                            if (!div || !button) {
                                return;
                            }

                            if (div.style.display === '' || div.style.display === 'block') {
                                button.style.display = 'block';
                                div.style.display = 'none';
                                adjustWatermark();
                                return;
                            }

                            button.style.display = 'none';
                            div.style.display = 'block';

                            adjustWatermark();
                        };

                        var toggleAll = function (hide) {
                            if (document.querySelectorAll('div.section-wrapper').length) {
                                toggleAllSection(hide);
                                adjustWatermark();
                                return;
                            }

                            var divs = document.querySelectorAll('div.table-wrapper');

                            for (var i = 0, il = divs.length; i < il; i++) {
                                var id = divs[i].getAttribute('id');
                                var div = document.getElementById(id);
                                var button = document.getElementById(id + '-show');

                                if (div && button) {
                                    if (hide) {
                                        button.style.display = 'block';
                                        div.style.display = 'none';
                                        adjustWatermark();
                                        continue;
                                    }

                                    button.style.display = 'none';
                                    div.style.display = 'block';
                                }
                            }
                            adjustWatermark();
                        };

                        var toggleSection = function (id) {
                            var div = document.getElementById(id);
                            var toggleText = document.getElementById(id.split('-')[0] + '-toggletext');

                            if (!div) {
                                return;
                            }

                            if (div.style.display !== 'none') {
                                toggleText.innerText = '+';
                                div.style.display = 'none';
                                adjustWatermark();
                                return;
                            }

                            toggleText.innerText = '-';
                            div.style.display = 'block';

                            adjustWatermark();
                        };

                        var toggleAllSection = function (hide) {
                            var divs = document.querySelectorAll('div.section-wrapper');

                            for (var i = 0, il = divs.length; i < il; i++) {
                                var id = divs[i].getAttribute('id');
                                var div = document.getElementById(id);
                                var toggleText = document.getElementById(id.split('-')[0] + '-toggletext');

                                if (div) {
                                    if (hide) {
                                        toggleText.innerText = '+';
                                        div.style.display = 'none';
                                        continue;
                                    }

                                    toggleText.innerText = '-';
                                    div.style.display = 'block';
                                }
                            }
                            adjustWatermark();
                        };

                        var adjustWatermark = function () {
                          if (document.getElementById('nessus-watermark')) {
                            let el = document.getElementById('nessus-watermark');
                            let body = document.body;
                            let html = document.documentElement;
                            let height = Math.max( body.scrollHeight, body.offsetHeight,
                                html.clientHeight, html.scrollHeight, html.offsetHeight );
                            el.setAttribute('height', body.offsetHeight);
                          }
                        };
                        </script></head><body><div id="report" style="width: 1024px; box-sizing: border-box; margin: 0 auto; background: #fff; padding: 0 20px 20px 20px; border-top: #263746 solid 3px; box-shadow: 0 2px 10px rgba(0, 0, 0, .2); margin-bottom: 20px; border-radius: 0 0 3px 3px;"><header style="width: 100%; border-bottom: 1px dotted #ccc; padding: 20px 0; margin: 0 0 20px 0;"><div style="float: left;"><h1><img src="" height="50" border="0" alt="Nessus Report" style="display: block;"></img></h1></div><div style="float: right;"><h1 style="font-size: 18px;"></h1><h2 style="color: #999; text-align: right">Report generated by Nessus™</h2></div><div class="clear"></div></header><div class="clear"></div><h3 style="font-size: 24px; font-weight: 100;">Nessus-20210331105831</h3><h4 style="color: #999; border-bottom: 1px dotted #ccc; padding: 0 0 20px 0; margin: 0 0 20px 0;">Wed, 31 Mar 2021 11:05:16 CST</h4><div class="clear"></div><div style="width: 100%;"><h5 xmlns="" style="font-size: 16px; font-weight: bold; margin-bottom: 20px;">TABLE OF CONTENTS</h5>
<ul xmlns="" style="list-style-type: none; margin-bottom: 20px;"><li style="font-size: 14px;">
<a href="#idp46438005607176" style="font-weight: bold;">Vulnerabilities by Host</a><ul style="list-style-type: disc; margin: 10px 0 0 20px;"><li style="margin: 0 0 10px 0; color: #000000;"><a href="#idp46438005608072">192.168.31.55</a></li></ul>
</li></ul>
<h6 xmlns="" id="idp46438005607176" style="padding: 20px 0; border-top: 1px dotted #ccc; border-bottom: 1px dotted #ccc; font-size: 20px; font-weight: 100; line-height: 20px;">Vulnerabilities by Host<span onclick="toggleAll();" class="expand">Expand All</span><span class="expand-spacer"> | </span><span onclick="toggleAll(true);" class="expand">Collapse All</span>
</h6>
<div xmlns="" id="idp46438005608072" style="font-size: 22px; font-weight: bold; padding: 10px 0;">192.168.31.55<div class="clear"></div>
</div>
<div xmlns="" id="idp46438005609352" style="display: block;" class="table-wrapper ">
<table cellpadding="0" cellspacing="0">
<thead><tr>
<th width=""></th>
<th width=""></th>
<th width=""></th>
<th width=""></th>
<th width=""></th>
</tr></thead>
<tbody>
<tr class="">
<td class="#d43f3a"><div style="box-sizing: border-box; font-size: 45px; font-weight: 100; line-height: 80px; color: #fff; text-align: center; background: #d43f3a; border-radius: 3px 3px 0 0; width: 98%; margin: 0;">0</div></td>
<td class="#ee9336"><div style="box-sizing: border-box; font-size: 45px; font-weight: 100; line-height: 80px; color: #fff; text-align: center; background: #ee9336; border-radius: 3px 3px 0 0; width: 98%; margin: 0;">0</div></td>
<td class="#fdc431"><div style="box-sizing: border-box; font-size: 45px; font-weight: 100; line-height: 80px; color: #fff; text-align: center; background: #fdc431; border-radius: 3px 3px 0 0; width: 98%; margin: 0;">2</div></td>
<td class="#3fae49"><div style="box-sizing: border-box; font-size: 45px; font-weight: 100; line-height: 80px; color: #fff; text-align: center; background: #3fae49; border-radius: 3px 3px 0 0; width: 98%; margin: 0;">1</div></td>
<td class="#0071b9"><div style="box-sizing: border-box; font-size: 45px; font-weight: 100; line-height: 80px; color: #fff; text-align: center; background: #0071b9; border-radius: 3px 3px 0 0; width: 98%; margin: 0;">22</div></td>
</tr>
<tr class="">
<td class="#ffffff"><div style="font-size: 10px; text-transform: uppercase; padding: 5px 0; text-align: center; width: 98%; box-sizing: border-box; border-left: 1px solid #ddd; border-right: 1px solid #ddd; border-bottom: 1px solid #ddd; border-radius: 0 0 3px 3px;  margin: 0; margin-bottom: 15px;">Critical</div></td>
<td class="#ffffff"><div style="font-size: 10px; text-transform: uppercase; padding: 5px 0; text-align: center; width: 98%; box-sizing: border-box; border-left: 1px solid #ddd; border-right: 1px solid #ddd; border-bottom: 1px solid #ddd; border-radius: 0 0 3px 3px;  margin: 0; margin-bottom: 15px;">High</div></td>
<td class="#ffffff"><div style="font-size: 10px; text-transform: uppercase; padding: 5px 0; text-align: center; width: 98%; box-sizing: border-box; border-left: 1px solid #ddd; border-right: 1px solid #ddd; border-bottom: 1px solid #ddd; border-radius: 0 0 3px 3px;  margin: 0; margin-bottom: 15px;">Medium</div></td>
<td class="#ffffff"><div style="font-size: 10px; text-transform: uppercase; padding: 5px 0; text-align: center; width: 98%; box-sizing: border-box; border-left: 1px solid #ddd; border-right: 1px solid #ddd; border-bottom: 1px solid #ddd; border-radius: 0 0 3px 3px;  margin: 0; margin-bottom: 15px;">Low</div></td>
<td class="#ffffff"><div style="font-size: 10px; text-transform: uppercase; padding: 5px 0; text-align: center; width: 98%; box-sizing: border-box; border-left: 1px solid #ddd; border-right: 1px solid #ddd; border-bottom: 1px solid #ddd; border-radius: 0 0 3px 3px;  margin: 0; margin-bottom: 15px;">Info</div></td>
</tr>
</tbody>
</table>
<div class="clear"></div>
</div>
<div xmlns="" class="details-header">Scan Information<div class="clear"></div>
</div>
<div xmlns="" id="idp46438036646536" style="display: block;" class="table-wrapper details">
<table cellpadding="0" cellspacing="0">
<thead><tr>
<th width="20%"></th>
<th width="80%"></th>
</tr></thead>
<tbody>
<tr class="">
<td class="#ffffff">Start time:</td>
<td class="#ffffff">Wed Mar 31 10:58:57 2021</td>
</tr>
<tr class="">
<td class="#ffffff">End time:</td>
<td class="#ffffff">Wed Mar 31 11:05:16 2021</td>
</tr>
</tbody>
</table>
<div class="clear"></div>
</div>
<div xmlns="" class="details-header">Host Information<div class="clear"></div>
</div>
<div xmlns="" id="idp46438045562376" style="display: block;" class="table-wrapper details">
<table cellpadding="0" cellspacing="0">
<thead><tr>
<th width="20%"></th>
<th width="80%"></th>
</tr></thead>
<tbody><tr class="">
<td class="#ffffff">IP:</td>
<td class="#ffffff">192.168.31.55</td>
</tr></tbody>
</table>
<div class="clear"></div>
</div>
<div xmlns="" class="details-header">Vulnerabilities<div class="clear"></div>
</div>
<h2 xmlns="" class=""></h2>
<div xmlns="" id="idp46438056108040" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #fdc431; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438056108040-container');" onmouseover="this.style.cursor='pointer'">51192 - SSL Certificate Cannot Be Trusted<div id="idp46438056108040-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438056108040-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The SSL certificate for this service cannot be trusted.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :<br> <br>  - First, the top of the certificate chain sent by the     server might not be descended from a known public     certificate authority. This can occur either when the     top of the chain is an unrecognized, self-signed     certificate, or when intermediate certificates are     missing that would connect the top of the certificate     chain to a known public certificate authority.<br> <br>  - Second, the certificate chain may contain a certificate     that is not valid at the time of the scan. This can     occur either when the scan occurs before one of the     certificate's 'notBefore' dates, or after one of the     certificate's 'notAfter' dates.<br> <br>  - Third, the certificate chain may contain a signature     that either didn't match the certificate's information     or could not be verified. Bad signatures can be fixed by     getting the certificate with the bad signature to be     re-signed by its issuer. Signatures that could not be     verified are the result of the certificate's issuer     using a signing algorithm that Nessus either does not     support or does not recognize.<br> <br>If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.<div class="clear"></div>
</div>
<div class="details-header">See Also<div class="clear"></div>
</div>
<div id="idp46438066102792" style="display: block;" class="table-wrapper see-also">
<table cellpadding="0" cellspacing="0">
<thead><tr><th width="100%"></th></tr></thead>
<tbody>
<tr class=""><td class="#ffffff"><a href="https://www.itu.int/rec/T-REC-X.509/en" target="_blank">https://www.itu.int/rec/T-REC-X.509/en</a></td></tr>
<tr class=""><td class="#ffffff"><a href="https://en.wikipedia.org/wiki/X.509" target="_blank">https://en.wikipedia.org/wiki/X.509</a></td></tr>
</tbody>
</table>
<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Purchase or generate a proper certificate for this service.<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Medium<div class="clear"></div>
</div>
<div class="details-header">CVSS v3.0 Base Score<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)<div class="clear"></div>
</div>
<div class="details-header">CVSS Base Score<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2010/12/15, Modified: 2018/11/15<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8891</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">
    <br>The following certificate was at the top of the certificate<br>
    chain sent by the remote host, but it is signed by an unknown<br>
    certificate authority :<br> <br>
    |-Subject : C=GB/ST=浙江省杭州市滨江区/L=杭州/O=杭州安恒信息技术有限公司/OU=杭州安恒信息技术有限公司/CN=杭州安恒<br>
    |-Issuer  : C=GB/ST=浙江省杭州市滨江区/L=杭州/O=杭州安恒信息技术有限公司/OU=杭州安恒信息技术有限公司/CN=杭州安恒
    <div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<div xmlns="" id="idp46438112286216" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #fdc431; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438112286216-container');" onmouseover="this.style.cursor='pointer'">57582 - SSL Self-Signed Certificate<div id="idp46438112286216-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438112286216-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The SSL certificate chain for this service ends in an unrecognized self-signed certificate.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The X.509 certificate chain for this service is not signed by a recognized certificate authority.  If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host. <br> <br>Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Purchase or generate a proper certificate for this service.<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Medium<div class="clear"></div>
</div>
<div class="details-header">CVSS Base Score<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2012/01/17, Modified: 2016/12/14<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8891</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>The following certificate was found at the top of the certificate<br>chain sent by the remote host, but is self-signed and was not<br>found in the list of known certificate authorities :<br> <br>|-Subject : C=GB/ST=浙江省杭州市滨江区/L=杭州/O=杭州安恒信息技术有限公司/OU=杭州安恒信息技术有限公司/CN=杭州安恒<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<div xmlns="" id="idp46438125413896" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #3fae49; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438125413896-container');" onmouseover="this.style.cursor='pointer'">83875 - SSL/TLS Diffie-Hellman Modulus &lt;= 1024 Bits (Logjam)<div id="idp46438125413896-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438125413896-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.<div class="clear"></div>
</div>
<div class="details-header">See Also<div class="clear"></div>
</div>
<div id="idp46438146910472" style="display: block;" class="table-wrapper see-also">
<table cellpadding="0" cellspacing="0">
<thead><tr><th width="100%"></th></tr></thead>
<tbody><tr class=""><td class="#ffffff"><a href="https://weakdh.org/" target="_blank">https://weakdh.org/</a></td></tr></tbody>
</table>
<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Low<div class="clear"></div>
</div>
<div class="details-header">CVSS v3.0 Base Score<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">3.7 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)<div class="clear"></div>
</div>
<div class="details-header">CVSS v3.0 Temporal Score<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">3.2 (CVSS:3.0/E:U/RL:O/RC:C)<div class="clear"></div>
</div>
<div class="details-header">CVSS Base Score<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">2.6 (CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)<div class="clear"></div>
</div>
<div class="details-header">CVSS Temporal Score<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">1.9 (CVSS2#E:U/RL:OF/RC:C)<div class="clear"></div>
</div>
<div class="details-header">References<div class="clear"></div>
</div>
<div id="idp46438040818184" style="display: block;" class="table-wrapper see-also">
<table cellpadding="0" cellspacing="0">
<thead><tr>
<th width="15%"></th>
<th width="85%"></th>
</tr></thead>
<tbody>
<tr class="">
<td class="#ffffff">BID</td>
<td class="#ffffff"><a href="http://www.securityfocus.com/bid/74733" target="_blank">74733</a></td>
</tr>
<tr class="">
<td class="#ffffff">CVE</td>
<td class="#ffffff"><a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4000" target="_blank">CVE-2015-4000</a></td>
</tr>
</tbody>
</table>
<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2015/05/28, Modified: 2019/11/27<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8891</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">
    <br>Vulnerable connection combinations :
    <br>
    <br>  SSL/TLS version  : TLSv1.0
    <br>  Cipher suite     : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA
    <br>  Diffie-Hellman MODP size (bits) : 1024
    <br>    Warning - This is a known static Oakley Group2 modulus. This may make
    <br>    the remote host more vulnerable to the Logjam attack.
    <br>  Logjam attack difficulty : Hard (would require nation-state resources)
    <br>
    <br>  SSL/TLS version  : TLSv1.0
    <br>  Cipher suite     : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
    <br>  Diffie-Hellman MODP size (bits) : 1024
    <br>    Warning - This is a known static Oakley Group2 modulus. This may make
    <br>    the remote host more vulnerable to the Logjam attack.
    <br>  Logjam attack difficulty : Hard (would require nation-state resources)
    <div class="clear">

    </div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<div xmlns="" id="idp46438103705096" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438103705096-container');" onmouseover="this.style.cursor='pointer'">84502 - HSTS Missing From HTTPS Server<div id="idp46438103705096-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438103705096-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote web server is not enforcing HSTS.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.<div class="clear"></div>
</div>
<div class="details-header">See Also<div class="clear"></div>
</div>
<div id="idp46438110282248" style="display: block;" class="table-wrapper see-also">
<table cellpadding="0" cellspacing="0">
<thead><tr><th width="100%"></th></tr></thead>
<tbody><tr class=""><td class="#ffffff"><a href="https://tools.ietf.org/html/rfc6797" target="_blank">https://tools.ietf.org/html/rfc6797</a></td></tr></tbody>
</table>
<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Configure the remote web server to use HSTS.<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2015/07/02, Modified: 2019/09/20<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8891</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>  The remote HTTPS server does not send the HTTP<br>  "Strict-Transport-Security" header.<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<h2 xmlns="" class=""></h2>
<div xmlns="" id="idp46438034487944" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438034487944-container');" onmouseover="this.style.cursor='pointer'">43111 - HTTP Methods Allowed (per directory)<div id="idp46438034487944-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438034487944-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">This plugin determines which HTTP methods are allowed on various CGI directories.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.<br> <br>The following HTTP methods are considered insecure:<br>  PUT, DELETE, CONNECT, TRACE, HEAD<br> <br>Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.<br> <br>As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'<br>in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.<br> <br>Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.<div class="clear"></div>
</div>
<div class="details-header">See Also<div class="clear"></div>
</div>
<div id="idp46438040780936" style="display: block;" class="table-wrapper see-also">
<table cellpadding="0" cellspacing="0">
<thead><tr><th width="100%"></th></tr></thead>
<tbody>
<tr class=""><td class="#ffffff"><a href="http://www.nessus.org/u?d9c03a9a" target="_blank">http://www.nessus.org/u?d9c03a9a</a></td></tr>
<tr class=""><td class="#ffffff"><a href="http://www.nessus.org/u?b019cbdb" target="_blank">http://www.nessus.org/u?b019cbdb</a></td></tr>
<tr class=""><td class="#ffffff"><a href="https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)" target="_blank">https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)</a></td></tr>
</tbody>
</table>
<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2009/12/10, Modified: 2019/03/19<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8082</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">Based on the response to an OPTIONS request :<br> <br>  - HTTP methods  DELETE  HEAD  OPTIONS  PATCH  POST  PUT  TRACE GET <br>    are allowed on : <br> <br>    /<br> <div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<div xmlns="" id="idp46438042473096" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438042473096-container');" onmouseover="this.style.cursor='pointer'">10107 - HTTP Server Type and Version<div id="idp46438042473096-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438042473096-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">A web server is running on the remote host.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">This plugin attempts to determine the type and the version of the   remote web server.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2000/01/04, Modified: 2019/11/22<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8082</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">The remote web server type is :<br> <br>Jetty(9.4.3.v20170317)<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<div xmlns="" id="idp46438115246088" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438115246088-container');" onmouseover="this.style.cursor='pointer'">24260 - HyperText Transfer Protocol (HTTP) Information<div id="idp46438115246088-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438115246088-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Some information about the remote HTTP configuration can be extracted.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... <br> <br>This test is informational only and does not denote any security problem.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2007/01/30, Modified: 2019/11/22<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8082</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>Response Code : HTTP/1.1 404 Not Found<br> <br>Protocol version : HTTP/1.1<br>SSL : no<br>Keep-Alive : no<br>Options allowed : GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH<br>Headers :<br> <br>  Connection: close<br>  Cache-Control: must-revalidate,no-cache,no-store<br>  Content-Type: text/html;charset=iso-8859-1<br>  Content-Length: 316<br>  Server: Jetty(9.4.3.v20170317)<br>  <br>Response Body :<br> <div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<h2 xmlns="" class=""></h2>
<div xmlns="" id="idp46438116052488" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438116052488-container');" onmouseover="this.style.cursor='pointer'">24260 - HyperText Transfer Protocol (HTTP) Information<div id="idp46438116052488-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438116052488-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Some information about the remote HTTP configuration can be extracted.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... <br> <br>This test is informational only and does not denote any security problem.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2007/01/30, Modified: 2019/11/22<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8891</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>Response Code : HTTP/1.1 302 Found<br> <br>Protocol version : HTTP/1.1<br>SSL : yes<br>Keep-Alive : no<br>Options allowed : (Not implemented)<br>Headers :<br> <br>  Content-Type: text/html;charset=UTF-8<br>  Access-Control-Allow-Origin: *<br>  Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS<br>  Access-Control-Allow-Credentials: true<br>  Access-Control-Allow-Headers: authorization,encrypt,hash,times,x-requested-with,Content-Type,user-type<br>  Cache-Control: no-cache, must-revalidate<br>  X-Frame-Options: DENY<br>  Cache-Control: no-cache<br>  Pragma: no-cache<br>  Location: https://192.168.31.55:8891/index.html<br>  Connection: close<br>  <br>Response Body :<br> <div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<h2 xmlns="" class=""></h2>
<div xmlns="" id="idp46438125957640" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438125957640-container');" onmouseover="this.style.cursor='pointer'">10114 - ICMP Timestamp Request Remote Date Disclosure<div id="idp46438125957640-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438125957640-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">It is possible to determine the exact time set on the remote host.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote host answers to an ICMP timestamp request.  This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.<br> <br>Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">CVSS v3.0 Base Score<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">0.0 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)<div class="clear"></div>
</div>
<div class="details-header">CVSS Base Score<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">0.0 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:N)<div class="clear"></div>
</div>
<div class="details-header">References<div class="clear"></div>
</div>
<div id="idp46438127484936" style="display: block;" class="table-wrapper see-also">
<table cellpadding="0" cellspacing="0">
<thead><tr>
<th width="15%"></th>
<th width="85%"></th>
</tr></thead>
<tbody>
<tr class="">
<td class="#ffffff">CVE</td>
<td class="#ffffff"><a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0524" target="_blank">CVE-1999-0524</a></td>
</tr>
<tr class="">
<td class="#ffffff">XREF</td>
<td class="#ffffff"><a href="http://cwe.mitre.org/data/definitions/200" target="_blank">CWE:200</a></td>
</tr>
</tbody>
</table>
<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 1999/08/01, Modified: 2019/10/04<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>icmp/0</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">The ICMP timestamps seem to be in little endian format (not in network format)<br>The difference between the local and remote clocks is 10882 seconds.<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<h2 xmlns="" class=""></h2>
<div xmlns="" id="idp46438128719496" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438128719496-container');" onmouseover="this.style.cursor='pointer'">11219 - Nessus SYN scanner<div id="idp46438128719496-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438128719496-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">It is possible to determine which TCP ports are open.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">This plugin is a SYN 'half-open' port scanner.  It shall be reasonably quick even against a firewalled target. <br> <br>Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Protect your target with an IP filter.<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2009/02/04, Modified: 2020/03/02<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8082</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">Port 8082/tcp was found to be open<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<h2 xmlns="" class=""></h2>
<div xmlns="" id="idp46438128997512" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438128997512-container');" onmouseover="this.style.cursor='pointer'">11219 - Nessus SYN scanner<div id="idp46438128997512-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438128997512-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">It is possible to determine which TCP ports are open.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">This plugin is a SYN 'half-open' port scanner.  It shall be reasonably quick even against a firewalled target. <br> <br>Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Protect your target with an IP filter.<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2009/02/04, Modified: 2020/03/02<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8891</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">Port 8891/tcp was found to be open<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<h2 xmlns="" class=""></h2>
<div xmlns="" id="idp46438130147976" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438130147976-container');" onmouseover="this.style.cursor='pointer'">19506 - Nessus Scan Information<div id="idp46438130147976-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438130147976-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">This plugin displays information about the Nessus scan.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">This plugin displays, for each tested host, information about the scan itself :<br> <br>  - The version of the plugin set.<br>  - The type of scanner (Nessus or Nessus Home).<br>  - The version of the Nessus Engine.<br>  - The port scanner(s) used.<br>  - The port range scanned.<br>  - Whether credentialed or third-party patch management     checks are possible.<br>  - The date of the scan.<br>  - The duration of the scan.<br>  - The number of hosts scanned in parallel.<br>  - The number of checks done in parallel.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2005/08/26, Modified: 2019/12/03<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/0</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">Information about this scan : <br> <br>Nessus version : 8.9.1<br>Plugin feed version : 202003100440<br>Scanner edition used : Nessus Home<br> <br>ERROR: Your plugins have not been updated since 2020/3/10<br>Performing a scan with an older plugin set will yield out-of-date results and<br>produce an incomplete audit. Please run nessus-update-plugins to get the<br>newest vulnerability checks from Nessus.org.<br> <br>Scan type : Normal<br>Scan policy used : Advanced Scan<br>Scanner IP : 192.168.31.12<br>Port scanner(s) : nessus_syn_scanner <br>Port range : default<br>Thorough tests : no<br>Experimental tests : no<br>Paranoia level : 1<br>Report verbosity : 1<br>Safe checks : yes<br>Optimize the test : yes<br>Credentialed checks : no<br>Patch management checks : None<br>CGI scanning : disabled<br>Web application tests : disabled<br>Max hosts : 100<br>Max checks : 5<br>Recv timeout : 5<br>Backports : None<br>Allow post-scan editing: Yes<br>Scan duration : unknown<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<div xmlns="" id="idp46438147471368" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438147471368-container');" onmouseover="this.style.cursor='pointer'">50350 - OS Identification Failed<div id="idp46438147471368-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438147471368-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">It was not possible to determine the remote operating system.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or more fingerprints from the remote system. Unfortunately, though, Nessus does not currently know how to use them to identify the overall system.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2010/10/26, Modified: 2020/01/22<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/0</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>If you think these signatures would help us improve OS fingerprinting,<br>please send them to :<br> <br>  os-signatures@nessus.org<br> <br>Be sure to include a brief description of the device itself, such as<br>the actual operating system or product / model names.<br> <br>HTTP:!:Server: Jetty(9.4.3.v20170317)<br> <br>SSLcert:!:i/CN:杭州安恒i/O:杭州安恒信息技术有限公司i/OU:杭州安恒信息技术有限公司s/CN:杭州安恒s/O:杭州安恒信息技术有限公司s/OU:杭州安恒信息技术有限公司<br>fddb79b605fa207b09714f33ad4819738d26337c<br> <br>SinFP:!:<br>   P1:B10113:F0x12:W14600:O0204ffff:M1460:<br>   P2:B10113:F0x12:W14480:O0204ffff0402080affffffff4445414401030307:M1460:<br>   P3:B00000:F0x00:W0:O0:M0<br>   P4:80901_7_p=8082<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<h2 xmlns="" class=""></h2>
<div xmlns="" id="idp46438163502600" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438163502600-container');" onmouseover="this.style.cursor='pointer'">56984 - SSL / TLS Versions Supported<div id="idp46438163502600-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438163502600-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote service encrypts communications.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2011/12/01, Modified: 2019/03/01<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8891</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>This port supports TLSv1.0/TLSv1.2.<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<div xmlns="" id="idp46438164017928" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438164017928-container');" onmouseover="this.style.cursor='pointer'">10863 - SSL Certificate Information<div id="idp46438164017928-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438164017928-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">This plugin displays the SSL certificate.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2008/05/19, Modified: 2019/07/18<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8891</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">Subject Name: <br> <br>Country: GB<br>State/Province: 浙江省杭州市滨江区<br>Locality: 杭州<br>Organization: 杭州安恒信息技术有限公司<br>Organization Unit: 杭州安恒信息技术有限公司<br>Common Name: 杭州安恒<br> <br>Issuer Name: <br> <br>Country: GB<br>State/Province: 浙江省杭州市滨江区<br>Locality: 杭州<br>Organization: 杭州安恒信息技术有限公司<br>Organization Unit: 杭州安恒信息技术有限公司<br>Common Name: 杭州安恒<br> <br>Serial Number: 4B BB C7 55 <br> <br>Version: 3<br> <br>Signature Algorithm: SHA-256 With RSA Encryption<br> <br>Not Valid Before: Sep 27 02:46:55 2017 GMT<br>Not Valid After: Sep 03 02:46:55 2117 GMT<br> <br>Public Key Info: <br> <br>Algorithm: RSA Encryption<br>Key Length: 2048 bits<br>Public Key: 00 8E AA DB 8D DB D7 34 67 28 9D 82 8A 11 CC 98 82 63 47 98 <br>            4B CB 4F 72 1D 63 DD BC 90 D3 99 98 D5 E1 FD CA D4 93 FA 77 <br>            D1 00 16 01 70 85 93 08 16 5E 8D 00 12 41 CB CE 71 2B 8D 04 <br>            DB A0 A6 FC 5B A2 32 0C 6F 49 24 F6 5C 2F CF 11 64 E6 7C 8F <br>            71 14 C7 35 69 0E 23 8D 11 01 11 48 AC 6E 09 D1 37 E8 F2 EC <br>            C1 7E 20 A1 BF 4E 37 8B E6 29 BF DE 23 10 41 11 47 B5 41 28 <br>            6B 7D B4 7E 0D 09 B7 05 FA 22 69 C0 53 44 D9 41 E3 6D 27 13 <br>            95 33 69 29 B7 F2 9E 64 A7 71 8B FF B5 5D C2 6D 92 41 2F 0F <br>            F2 88 41 DB 34 5E EA FC 6F 38 A8 D1 46 A4 F3 C2 04 28 7A 49 <br>            B4 FF 64 A2 FC 94 AD 5F CA 51 51 EA E3 DC 84 B7 33 7A 44 B6 <br>            F8 6B D5 F4 30 A6 28 A5 3A 0D C8 04 14 36 FD 86 5A 02 6D 8D <br>            44 DC 03 EE BA 54 0E 69 50 67 60 1F 21 98 BC 48 BA 71 7D BA <br>            D8 D1 59 4D 9D A8 4E 50 0A 71 B6 9A 3C 3F 91 35 5B <br>Exponent: 01 00 01 <br> <br>Signature Length: 256 bytes / 2048 bits<br>Signature: 00 3D F1 39 7B E1 C4 8E 19 E7 43 8E 56 C0 DF 79 90 34 9E 90 <br>           CB 94 BD 1C 6E 6A 5B 94 AB 03 21 9A E8 77 C3 5B F5 FC CB 5F <br>           24 7A 3D CD 86 21 08 E8 14 77 92 0B E5 E2 44 FF D8 A3 7B 87 <br>           CC 73 7B CB 0F B9 B3 40 DE 5C 93 CD D0 9B 46 B6 2C C8 1F D6 <br>           14 2A CB AB A0 CD BE 31 65 3C 03 3A 7C 73 42 0F 5C 8C 6B DD <br>           EB 89 E9 30 FC 0B F4 10 7D A0 AF 85 19 E6 14 1C D2 C8 B8 F1 <br>           C9 EB FE 2D 6A 67 81 9F 05 9D C2 7B 4B CA 18 FB E1 48 96 50 <br>           18 44 4B E0 36 93 6B 39 C2 70 27 5D 78 9E 55 47 BD 2D 6E 0D <br>           E1 94 E5 12 BC 75 9E 75 D3 C8 E5 C1 D8 27 01 52 51 D1 0B 53 <br>           AE 57 4D 98 8A 09 57 F5 D4 39 D9 F6 6E C4 92 FD 3E A9 0D 49 <br>           E9 72 34 2C A9 7F AC FF 6B 25 45 19 E3 64 71 2C 9B 7E 3F 19 <br>           59 D6 D5 3E E2 07 8E E1 FA 97 55 AB F2 81 82 2F 26 3B 55 93 <br>           53 5B B4 26 FC 2F 3F 34 AA 38 80 03 18 82 14 B8 E3 <br> <br>Extension: Subject Key Identifier (2.5.29.14)<br>Critical: 0<br>Subject Key Identifier: 9D 34 66 35 AE BC 66 2A B3 2D C0 0D FD 38 FB 89 56 98 F5 D5 <br> <br> <br>Fingerprints : <br> <br>SHA-256 Fingerprint: 54 87 99 A0 10 A5 DB A8 7E CD 3E CC 18 C6 78 CA D2 99 EC 46 <br>                     75 96 0D E7 42 E8 D4 72 F1 42 D0 BF <br>SHA-1 Fingerprint: FD DB 79 B6 05 FA 20 7B 09 71 4F 33 AD 48 19 73 8D 26 33 7C <br>MD5 Fingerprint: 0F EB 55 B2 4F 10 62 B5 04 CB 96 8C BF 73 DA FC <br> <div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<div xmlns="" id="idp46438165853832" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438165853832-container');" onmouseover="this.style.cursor='pointer'">70544 - SSL Cipher Block Chaining Cipher Suites Supported<div id="idp46438165853832-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438165853832-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode.  These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.<div class="clear"></div>
</div>
<div class="details-header">See Also<div class="clear"></div>
</div>
<div id="idp46438166078216" style="display: block;" class="table-wrapper see-also">
<table cellpadding="0" cellspacing="0">
<thead><tr><th width="100%"></th></tr></thead>
<tbody>
<tr class=""><td class="#ffffff"><a href="https://www.openssl.org/docs/manmaster/man1/ciphers.html" target="_blank">https://www.openssl.org/docs/manmaster/man1/ciphers.html</a></td></tr>
<tr class=""><td class="#ffffff"><a href="http://www.nessus.org/u?cc4a822a" target="_blank">http://www.nessus.org/u?cc4a822a</a></td></tr>
<tr class=""><td class="#ffffff"><a href="https://www.openssl.org/~bodo/tls-cbc.txt" target="_blank">https://www.openssl.org/~bodo/tls-cbc.txt</a></td></tr>
</tbody>
</table>
<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2013/10/22, Modified: 2018/11/15<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8891</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>Here is the list of SSL CBC ciphers supported by the remote server :<br> <br>  High Strength Ciphers (&gt;= 112-bit key)<br> <br>    DHE-RSA-AES128-SHA           Kx=DH          Au=RSA      Enc=AES-CBC(128)         Mac=SHA1   <br>    DHE-RSA-AES256-SHA           Kx=DH          Au=RSA      Enc=AES-CBC(256)         Mac=SHA1   <br>    AES128-SHA                   Kx=RSA         Au=RSA      Enc=AES-CBC(128)         Mac=SHA1   <br>    AES256-SHA                   Kx=RSA         Au=RSA      Enc=AES-CBC(256)         Mac=SHA1   <br> <br>The fields above are :<br> <br>  {OpenSSL ciphername}<br>  Kx={key exchange}<br>  Au={authentication}<br>  Enc={symmetric encryption method}<br>  Mac={message authentication code}<br>  {export flag}<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<div xmlns="" id="idp46438166249480" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438166249480-container');" onmouseover="this.style.cursor='pointer'">21643 - SSL Cipher Suites Supported<div id="idp46438166249480-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438166249480-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote service encrypts communications using SSL.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.<div class="clear"></div>
</div>
<div class="details-header">See Also<div class="clear"></div>
</div>
<div id="idp46438167960584" style="display: block;" class="table-wrapper see-also">
<table cellpadding="0" cellspacing="0">
<thead><tr><th width="100%"></th></tr></thead>
<tbody>
<tr class=""><td class="#ffffff"><a href="https://www.openssl.org/docs/man1.1.0/apps/ciphers.html" target="_blank">https://www.openssl.org/docs/man1.1.0/apps/ciphers.html</a></td></tr>
<tr class=""><td class="#ffffff"><a href="http://www.nessus.org/u?3a040ada" target="_blank">http://www.nessus.org/u?3a040ada</a></td></tr>
</tbody>
</table>
<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2006/06/05, Modified: 2019/05/10<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8891</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>Here is the list of SSL ciphers supported by the remote server :<br>Each group is reported per SSL Version.<br> <br>SSL Version : TLSv12<br>  High Strength Ciphers (&gt;= 112-bit key)<br> <br>    DHE-RSA-AES128-SHA           Kx=DH          Au=RSA      Enc=AES-CBC(128)         Mac=SHA1   <br>    DHE-RSA-AES256-SHA           Kx=DH          Au=RSA      Enc=AES-CBC(256)         Mac=SHA1   <br>    AES128-SHA                   Kx=RSA         Au=RSA      Enc=AES-CBC(128)         Mac=SHA1   <br>    AES256-SHA                   Kx=RSA         Au=RSA      Enc=AES-CBC(256)         Mac=SHA1   <br> <br> <br>SSL Version : TLSv1<br>  High Strength Ciphers (&gt;= 112-bit key)<br> <br>    DHE-RSA-AES128-SHA           Kx=DH          Au=RSA      Enc=AES-CBC(128)         Mac=SHA1   <br>    DHE-RSA-AES256-SHA           Kx=DH          Au=RSA      Enc=AES-CBC(256)         Mac=SHA1   <br>    AES128-SHA                   Kx=RSA         Au=RSA      Enc=AES-CBC(128)         Mac=SHA1   <br>    AES256-SHA                   Kx=RSA         Au=RSA      Enc=AES-CBC(256)         Mac=SHA1   <br> <br>The fields above are :<br> <br>  {OpenSSL ciphername}<br>  Kx={key exchange}<br>  Au={authentication}<br>  Enc={symmetric encryption method}<br>  Mac={message authentication code}<br>  {export flag}<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<div xmlns="" id="idp46438005371144" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438005371144-container');" onmouseover="this.style.cursor='pointer'">57041 - SSL Perfect Forward Secrecy Cipher Suites Supported<div id="idp46438005371144-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438005371144-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption.  These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.<div class="clear"></div>
</div>
<div class="details-header">See Also<div class="clear"></div>
</div>
<div id="idp46438005374216" style="display: block;" class="table-wrapper see-also">
<table cellpadding="0" cellspacing="0">
<thead><tr><th width="100%"></th></tr></thead>
<tbody>
<tr class=""><td class="#ffffff"><a href="https://www.openssl.org/docs/manmaster/man1/ciphers.html" target="_blank">https://www.openssl.org/docs/manmaster/man1/ciphers.html</a></td></tr>
<tr class=""><td class="#ffffff"><a href="https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange" target="_blank">https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange</a></td></tr>
<tr class=""><td class="#ffffff"><a href="https://en.wikipedia.org/wiki/Perfect_forward_secrecy" target="_blank">https://en.wikipedia.org/wiki/Perfect_forward_secrecy</a></td></tr>
</tbody>
</table>
<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2011/12/07, Modified: 2018/11/15<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8891</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br>Here is the list of SSL PFS ciphers supported by the remote server :<br> <br>  High Strength Ciphers (&gt;= 112-bit key)<br> <br>    DHE-RSA-AES128-SHA           Kx=DH          Au=RSA      Enc=AES-CBC(128)         Mac=SHA1   <br>    DHE-RSA-AES256-SHA           Kx=DH          Au=RSA      Enc=AES-CBC(256)         Mac=SHA1   <br> <br>The fields above are :<br> <br>  {OpenSSL ciphername}<br>  Kx={key exchange}<br>  Au={authentication}<br>  Enc={symmetric encryption method}<br>  Mac={message authentication code}<br>  {export flag}<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<h2 xmlns="" class=""></h2>
<div xmlns="" id="idp46438034655368" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438034655368-container');" onmouseover="this.style.cursor='pointer'">22964 - Service Detection<div id="idp46438034655368-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438034655368-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote service could be identified.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2007/08/19, Modified: 2020/01/27<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8082</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">A web server is running on this port.<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<h2 xmlns="" class=""></h2>
<div xmlns="" id="idp46438034728072" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438034728072-container');" onmouseover="this.style.cursor='pointer'">22964 - Service Detection<div id="idp46438034728072-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438034728072-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote service could be identified.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2007/08/19, Modified: 2020/01/27<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8891</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">A TLSv1 server answered on this port.<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<div xmlns="" id="idp46438034763784" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438034763784-container');" onmouseover="this.style.cursor='pointer'">11153 - Service Detection (HELP Request)<div id="idp46438034763784-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438034763784-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote service could be identified.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives a 'HELP'<br>request.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2002/11/18, Modified: 2018/11/26<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8891</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">A web server seems to be running on this port.<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<h2 xmlns="" class=""></h2>
<div xmlns="" id="idp46438034980104" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438034980104-container');" onmouseover="this.style.cursor='pointer'">25220 - TCP/IP Timestamps Supported<div id="idp46438034980104-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438034980104-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote service implements TCP timestamps.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote host implements TCP timestamps, as defined by RFC1323.  A side effect of this feature is that the uptime of the remote host can sometimes be computed.<div class="clear"></div>
</div>
<div class="details-header">See Also<div class="clear"></div>
</div>
<div id="idp46438034983176" style="display: block;" class="table-wrapper see-also">
<table cellpadding="0" cellspacing="0">
<thead><tr><th width="100%"></th></tr></thead>
<tbody><tr class=""><td class="#ffffff"><a href="http://www.ietf.org/rfc/rfc1323.txt" target="_blank">http://www.ietf.org/rfc/rfc1323.txt</a></td></tr></tbody>
</table>
<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2007/05/16, Modified: 2019/03/06<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/0</h2>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<h2 xmlns="" class=""></h2>
<div xmlns="" id="idp46438035004808" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438035004808-container');" onmouseover="this.style.cursor='pointer'">104743 - TLS Version 1.0 Protocol Detection<div id="idp46438035004808-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438035004808-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote service encrypts traffic using an older version of TLS.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.1 and 1.2 are designed against these flaws and should be used whenever possible.<br> <br>PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Enable support for TLS 1.1 and 1.2, and disable support for TLS 1.0.<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2017/11/22, Modified: 2019/11/22<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8891</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">TLSv1 is enabled and the server supports at least one cipher.<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<h2 xmlns="" class=""></h2>
<div xmlns="" id="idp46438035454856" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438035454856-container');" onmouseover="this.style.cursor='pointer'">10287 - Traceroute Information<div id="idp46438035454856-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438035454856-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">It was possible to obtain traceroute information.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Makes a traceroute to the remote host.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 1999/11/27, Modified: 2019/03/06<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>udp/0</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;">For your information, here is the traceroute from 192.168.31.12 to 192.168.31.55 : <br>192.168.31.12<br>192.168.31.55<br> <br>Hop Count: 1<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<h2 xmlns="" class=""></h2>
<div xmlns="" id="idp46438035536776" style="box-sizing: border-box; width: 100%; margin: 0 0 10px 0; padding: 5px 10px; background: #0071b9; font-weight: bold; font-size: 14px; line-height: 20px; color: #fff;" class="" onclick="toggleSection('idp46438035536776-container');" onmouseover="this.style.cursor='pointer'">10386 - Web Server No 404 Error Code Check<div id="idp46438035536776-toggletext" style="float: right; text-align: center; width: 8px;">
                -
            </div>
</div>
<div xmlns="" id="idp46438035536776-container" style="margin: 0 0 45px 0;" class="section-wrapper">
<div class="details-header">Synopsis<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote web server does not return 404 error codes.<div class="clear"></div>
</div>
<div class="details-header">Description<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">The remote web server is configured such that it does not return '404 Not Found' error codes when a nonexistent file is requested, perhaps returning instead a site map, search page or authentication page.<br> <br>Nessus has enabled some counter measures for this.  However, they might be insufficient.  If a great number of security holes are produced for this port, they might not all be accurate.<div class="clear"></div>
</div>
<div class="details-header">Solution<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">n/a<div class="clear"></div>
</div>
<div class="details-header">Risk Factor<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">None<div class="clear"></div>
</div>
<div class="details-header">Plugin Information<div class="clear"></div>
</div>
<div style="line-height: 20px; padding: 0 0 20px 0;">Published: 2000/04/28, Modified: 2015/10/13<div class="clear"></div>
</div>
<div class="details-header">Plugin Output<div class="clear"></div>
</div>
<h2>tcp/8891</h2>
<div class="clear"></div>
<div style="box-sizing: border-box; width: 100%; background: #eee; font-family: monospace; padding: 20px; margin: 5px 0 20px 0;"> <br> <br>CGI scanning will be disabled for this host because the host responds<br>to requests for non-existent URLs with HTTP code 302<br>rather than 404. The requested URL was : <br> <br>    https://192.168.31.55:8891/mocyaj7nwfdD.html<div class="clear"></div>
</div>
<div class="clear"></div>
<div class="clear"></div>
</div>
<div xmlns="" class="clear"></div>
<div class="clear"></div></div><div class="clear"></div></div><div style="width: 1024px; box-sizing: border-box; text-align: center; font-size: 12px; color: #999; padding: 10px 0 20px 0; margin: 0 auto;">
                    © 2021 Tenable™, Inc. All rights reserved.
                </div></body></html>
